Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.
An XCCDF Rule
Description
After enabling this feature, PUA protection blocking takes effect on endpoint clients after the next signature update or computer restart. Signature updates take place daily under typical circumstances. PUA will be blocked and automatically quarantined.
- ID
- SV-213426r823024_rule
- Version
- WNDF-AV-000001
- Severity
- High
- References
- Updated
Remediation Templates
A Manual Procedure
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> "Configure Detection for Potentially Unwanted Applications" to "Enabled" and "Block".